Dear All,
May I please ask for your help regarding the configuration of X.509 Certificate Authentication to CAS. We are using the following:

- CAS 3.4.2 with Debian Lenny OS
- Java 6

We are currently using a public SSL certificate for our SingleSignOn which came from Comodo PositiveSSL. We would like our authentication to become seamless. We tried to use CAS-SPNEGO but it has some issues with IE, i.e. popping up for basic authentication. And it has been recommended by some good people here to use X.509 Certificate Authentication. The procedures are here: https://wiki.jasig.org/display/CASUM/X.509+Certificates

For the configuration of CAS I believe I've already put everything in place, however there are two parts that I am very confused about:

1. On the CAS Server end, what should I do to make the certificate acceptable to the client (users)?
2. On the Client or User end, what should I do to make the certificate acceptable to the CAS Server?

Please correct me if I am wrong, these are the things that I did:

1. From CAS Server:

a. We already have the keystore which we are using until now in Production, so I didn't generate a new one.

b. Please see the tomcat server.xml config:

    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/etc/tomcat/tomcat.keystore"
               keypass="secret" />

Questions:

- Can I reuse that keystore or should I generate a new one?
- The document mentions these config lines:

    <!-- Define a SSL HTTP/1.1 Connector on port 443 -->
    <Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="want" sslProtocol="TLS"
               keystoreFile="/path/to/keystore.jks" keystorePass="secret"
               truststoreFile="/path/to/myTrustStore.jks" truststorePass="secret" />
    <!-- if you do not specify a truststoreFile, then the default java "cacerts" truststore will be used-->

- Where should that truststoreFile come from? Is it generated on the server or is it generated on the client computer?

2. On the Client or User End:

a. What are the things that need to be run?
b. Should I copy the .crt file from the CAS Server and put it on my local machine? Please tell me how.
c. What should be done on the client end?

I hope you guys can help me with this. I have been working on this for 3 days now and I'm so delayed with my targets.

Thank you so much.

Kind Regards,
BARBOSA Bernard
Senior Administrator, System/Network
MUSIC Group Macao Commercial Offshore Limited (Philippines) ROHQ
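An added example (not part of the original message or of the CAS documentation): a small Python check that reads the two Connector definitions quoted in the message and reports the attributes that matter for X.509 client authentication. The function name and the wording of the findings are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Connector elements as quoted in the message (paths and passwords as posted).
POSTED = ('<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" '
          'maxThreads="150" scheme="https" secure="true" clientAuth="false" '
          'sslProtocol="TLS" keystoreFile="/etc/tomcat/tomcat.keystore" '
          'keypass="secret" />')
DOCUMENTED = ('<Connector port="443" maxHttpHeaderSize="8192" maxThreads="150" '
              'minSpareThreads="25" maxSpareThreads="75" enableLookups="false" '
              'disableUploadTimeout="true" acceptCount="100" scheme="https" '
              'secure="true" clientAuth="want" sslProtocol="TLS" '
              'keystoreFile="/path/to/keystore.jks" keystorePass="secret" '
              'truststoreFile="/path/to/myTrustStore.jks" '
              'truststorePass="secret" />')


def check_client_cert_config(xml_text):
    """Return a list of findings for every HTTPS Connector in xml_text.

    Hypothetical helper: xml_text may be a single Connector element or a
    whole server.xml document.
    """
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("scheme", "http").lower() != "https":
            continue  # only TLS connectors can carry client certificates
        port = conn.get("port", "?")
        mode = conn.get("clientAuth", "false").lower()
        if mode not in ("want", "true"):
            findings.append(
                f"port {port}: clientAuth={mode!r}, no client certificate "
                "is requested in the TLS handshake")
        if not conn.get("truststoreFile"):
            # Per the comment in the documented config, the default Java
            # "cacerts" truststore is used when truststoreFile is absent.
            findings.append(
                f"port {port}: no truststoreFile, client certificates "
                "would be checked against the default Java cacerts")
    return findings


if __name__ == "__main__":
    for name, xml_text in (("posted", POSTED), ("documented", DOCUMENTED)):
        print(name, check_client_cert_config(xml_text) or "ok")
```
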
